/*
 * Copyright (c) 2017. All  rights reserved.
 * 项目名：microservice-base
 * 文件名：WebSecurityConfig.java
 * Date  ：17-11-16 下午4:51
 * Author：abin
 *
 */

package com.microservice.base.config;

import com.microservice.base.common.TokenAuthentication;
import com.microservice.base.common.filter.JWTAuthenticationFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


/**
 * Created by Administrator on 2017/11/14.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	// 设置 HTTP 验证规则

	@Bean
	JWTAuthenticationFilter jWTAuthenticationFilter() {
		return new JWTAuthenticationFilter();
	}

	@Bean
	TokenAuthentication tokenAuthenticationSV() {
		return new TokenAuthentication();
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		// 关闭csrf验证
		http.csrf().disable()
				// 对请求进行认证
                .authorizeRequests()
				.antMatchers("/inner/**").permitAll()//内部接口放行
				.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()//跨域请求全部通过
				.antMatchers("/swagger-ui.html").permitAll()//swaggert html放行
				.antMatchers("/swagger-resources")
				.permitAll().antMatchers("/beans").permitAll()// 显示所有的spring bean
				.antMatchers("/autoconfig").permitAll()// 显示自动配置信息
				.antMatchers("/configprops").permitAll()// 显示配置属性列表
				.antMatchers("/dump").permitAll()// 显示线程活动的快照
				.antMatchers("/env").permitAll()// 显示应用程序的环境变量
				.antMatchers("/health").permitAll()// 显示应用程序的健康指标
				.antMatchers("/info").permitAll()// 显示应用的信息
				.antMatchers("/mappings").permitAll()// 显示所有的URL路径
				.antMatchers("/metrics").permitAll()// 显示应用的度量标准信息
				.antMatchers("/trace").permitAll()// 显示跟踪信息
				.antMatchers("/druid/**").permitAll()//显示连接池
				// /api/user/v1/login form表单提交登录
				.antMatchers(HttpMethod.POST, "/api/user/v1/login").permitAll()
				// /api/user/v2/login json串提交登录
				.antMatchers(HttpMethod.POST,  "/api/user/v2/login").permitAll()
				.antMatchers(HttpMethod.GET, "/v2/api-docs").permitAll()
				// 所有请求需要身份认证
				.anyRequest().authenticated().and()
				// 添加一个过滤器验证其他请求的Token是否合法
				.addFilterBefore(jWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
	}

	/**
	 * 忽略静态资源
	 * 
	 * @param web
	 * @throws Exception
	 */
	@Override
	public void configure(WebSecurity web) throws Exception {
		web.ignoring().antMatchers("/webjars/**").antMatchers("/swagger-resources/**");
		// 可以仿照上面一句忽略静态资源
	}

	@Bean
	@Override
	public AuthenticationManager authenticationManagerBean() throws Exception {
		return super.authenticationManagerBean();
	}
}
